From 49f70f198a0bd1b72ae05b76ba8c2a013aa9ec5b Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sun, 26 Mar 2017 23:08:20 -0400
Subject: Ensure we can decrypt the luks key before attempting to use it

This just fails earlier when the wrong GPG key is used. The correct solution is to avoid the failure by testing for GPG keys before offering disks to boot.
---
 src/initrd/btrfs-create.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'src/initrd')

diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index 3066331..c076b9e 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -224,12 +224,18 @@ open_samizdat_blockdev_from_loop()
 open_samizdat_blockdev()
 {
 local dev="$1" keyfile="$2"
+ local cryptname=samizdatcrypt decrypted_keyfile=/luks.secret
- local cryptname=samizdatcrypt
 gpg2 --verify "$keyfile" || return
+
+ # TODO: we should be ensuring we can decrypt this secret key before even
+ # offering the option to boot the encrypted filesystem
+
 # The first --decrypt merely strips the signature. The option is
 # poorly named for that case.
- gpg2 --decrypt "$keyfile" | gpg2 --decrypt | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+ gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+
+ cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
 [ -b /dev/mapper/"$cryptname" ] || return
--
cgit v1.2.3
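Review bot: The decrypted LUKS key now lands in plaintext at the fixed path `/luks.secret` (the added `decrypted_keyfile=/luks.secret` and the `> "$decrypted_keyfile"` redirect) and nothing in the hunk ever removes it, whereas the removed pipeline never materialised the key outside the pipe; it should be unlinked as soon as cryptsetup has consumed it, on both the success and the failure path. One way that keeps the fail-early behaviour the commit wants: `gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || { rm -f -- "$decrypted_keyfile"; return; }`, then `cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname"; rv=$?`, then `rm -f -- "$decrypted_keyfile"; [ "$rv" = 0 ] || return`. Creating the file under `umask 077` (or with mktemp instead of a fixed name, if the initrd provides it) would additionally keep it unreadable to anything else running in the initrd. Note also that `|| return` on the pipeline only reports the second gpg2's exit status unless the script enables `pipefail` somewhere not visible here, though a failing first gpg2 should still surface because the second one then has no usable input. The body of open_samizdat_blockdev continues past the end of the hunk.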